SSO Security Notes
- The initString parameter in SSO security is used as follows: SSO uses symmetric encryption to validate and create an SSO token. The initString parameter within the configuration is used for initialization of the secret key. An application creates a token, and each application that uses the same initString parameter validates the token.
  Note: The following information is very important:
  - It is not possible to use SSO without setting the initString parameter.
  - The initString parameter is confidential information and should be treated as such in terms of publishing, transporting, and persistency.
  - Applications that integrate with each other can share the initString using SSO.
  - The minimum length of the initString is 12 characters.
- Disable SSO unless it is specifically required.
- The application that uses the weakest authentication framework, and issues an SSO token that is trusted by other integrated applications, determines the level of authentication security for all the applications.
  It is recommended that only applications using strong and secure authentication frameworks issue an SSO token.
- Symmetric encryption implication:
  SSO uses symmetric cryptography for issuing and validating SSO tokens. Therefore, any application using SSO can issue a token to be trusted by all other applications sharing the same initString. This potential risk is relevant when an application sharing the initString either resides or is accessible in an untrusted location.
- User roles:
  SSO does not share user roles between integrated applications. Therefore, the integrated application must monitor user roles. It is recommended that you share the same user registry (such as LDAP/AD) among all integrated applications.
  Failure to manage user roles might cause security breaches and negative application behavior. For example, the same user name might be assigned to different roles in the integrated applications.
  There could be situations when a user logs on to application A, then accesses application B that uses container or application authentication. The failure to manage the user role will force the user to manually log on to application B and enter a user name. If the user enters a different user name than the one used to log on to application A, the following unexpected behavior can arise: If the user subsequently accesses a third application, application C, from application A or application B, then the user will access it using the user names that were used to log on to application A or application B respectively.
- Identity Manager is used for authentication:
  All unprotected resources in the Identity Manager must be configured as nonsecure URL settings in the SSO configuration.
- SSO demonstration mode:
  - Use the SSO demonstration mode for demonstrative purposes only.
  - Only use the demonstration mode in unsecured networks.
  - Do not use the demonstration mode in production. Any combination of the demonstration mode with the production mode should not be used.
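
The initString and symmetric encryption notes above, as an added example that is not the product's own code or token format: every application holding the same initString can both issue and validate tokens, so a validator cannot tell which holder created a token. Assumptions: SHA-256 stands in for the product's key initialization, HMAC-SHA256 for its symmetric token protection, and the SsoApp class, claim names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

MIN_INIT_STRING_LEN = 12  # minimum initString length stated in the notes

def derive_key(init_string):
    if len(init_string) < MIN_INIT_STRING_LEN:
        raise ValueError("initString must be at least 12 characters")
    # Assumption: SHA-256 stands in for the product's own key initialization.
    return hashlib.sha256(init_string.encode("utf-8")).digest()

class SsoApp:
    """Hypothetical application that issues and validates tokens."""
    def __init__(self, name, init_string):
        self.name = name
        self._key = derive_key(init_string)

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue_token(self, user, ttl=300, now=None):
        now = time.time() if now is None else now
        claims = {"user": user, "issuer": self.name, "exp": now + ttl}
        body = json.dumps(claims, sort_keys=True).encode("utf-8")
        enc = base64.urlsafe_b64encode
        return enc(body).decode() + "." + enc(self._tag(body)).decode()

    def validate_token(self, token, now=None):
        now = time.time() if now is None else now
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:  # malformed token or bad base64
            return None
        if not hmac.compare_digest(tag, self._tag(body)):
            return None  # made with a different initString, or altered
        claims = json.loads(body)
        return claims if claims["exp"] > now else None

def demo():
    shared = "constructed-initString-01"  # constructed sample value
    strong = SsoApp("app-strong-auth", shared)
    weak = SsoApp("app-weak-auth", shared)
    outsider = SsoApp("app-outside", "another-constructed-value")
    token = weak.issue_token("admin")
    # The "issuer" claim is self-asserted: the key proves only that some
    # holder of the shared initString created the token, not which one.
    return strong.validate_token(token), outsider.validate_token(token)
```

In `demo()`, the application with strong authentication accepts the token issued by the weaker one, while the application configured with a different initString rejects it.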